Commit Graph

187 Commits (c1c1580bf8110c08e2f82feba26e9eccd4f11e6e)

Author SHA1 Message Date
Daniel Nephin c1c1580bf8 ca: only return the leaf cert from Sign in vault provider
3 years ago
FFMMM 78264a8030
Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311)
3 years ago
Daniel Nephin 51b0f82d0e Make test more readable
3 years ago
Daniel Nephin 608597c7b6 ca: relax and move private key type/bit validation for vault
3 years ago
Daniel Nephin 7839b2d7e0 ca: add a test that uses an intermediate CA as the primary CA
3 years ago
Daniel Nephin 9b7468f99e ca/provider: remove ActiveRoot from Provider
3 years ago
Daniel Nephin c2b9c81a55 ca: update MockProvider for new interface
3 years ago
Daniel Nephin f05bad4a1d ca: update GenerateRoot godoc
3 years ago
R.B. Boyer b60d89e7ef bulk rewrite using this script
3 years ago
R.B. Boyer 31f6f55bbe test: normalize require.New and assert.New syntax
3 years ago
Daniel Nephin 4116a143e0 fix misleading errors on vault shutdown
3 years ago
Daniel Nephin 214dcf8d0d ca: use the real FSM operation in tests
3 years ago
Daniel Nephin 81afb208ac
Merge pull request #11677 from hashicorp/dnephin/freeport-interface
3 years ago
R.B. Boyer db91cbf484
auto-config: ensure the feature works properly with partitions (#11699)
3 years ago
Daniel Nephin d795a73f78 testing: use the new freeport interfaces
3 years ago
Daniel Nephin b92084b8e8 ca: reduce consul provider backend interface a bit
3 years ago
Iryna Shustava 0ee456649f
connect: Support auth methods for the vault connect CA provider (#11573)
3 years ago
Daniel Nephin b4080bc0dc ca: use the cluster ID passed to the primary
3 years ago
Daniel Nephin b9ab9bae12 ca: accept only the cluster ID to SpiffeIDSigningForCluster
3 years ago
R.B. Boyer 1e02460bd1
re-run gofmt on 1.17 (#11579)
3 years ago
Connor efe4b21287
Support Vault Namespaces explicitly in CA config (#11477)
3 years ago
FFMMM 61bd417a82
plumb thru root cert tll to the aws ca provider (#11449)
3 years ago
FFMMM 6004a21f35
fix aws pca certs (#11470)
3 years ago
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
3 years ago
Daniel Nephin 7337cfd6dc
Merge pull request #11340 from hashicorp/dnephin/ca-manager-provider
3 years ago
freddygv 327e6bff25 Leave todo about default name
3 years ago
freddygv 935112a47a Account for partition in SNI for gateways
3 years ago
freddygv 53ea1f634a Ensure partition is handled by auto-encrypt
3 years ago
Daniel Nephin b2f49279e2 ca: split Primary/Secondary Provider
3 years ago
freddygv fc8fc060a7 Remove ent checks from oss test
3 years ago
freddygv bf7a1358d6 Ensure partition is defaulted in authz
3 years ago
freddygv 95a6db9cfa Account for partitions in ixn match/decision
3 years ago
Dhia Ayachi bc0e4f2f46
partition dicovery chains (#10983)
3 years ago
Dhia Ayachi 09197c989c
add partition to SNI when partition is non default (#10917)
3 years ago
Dhia Ayachi 58bd817336
check expiry date of the root/intermediate before using it to sign a leaf (#10500)
3 years ago
R.B. Boyer 6c47efd532
connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330)
3 years ago
R.B. Boyer 7bf9ea55cf
connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider (#10331)
3 years ago
Daniel Nephin 0ccad1d6f7
Merge pull request #10479 from hashicorp/dnephin/ca-provider-explore-2
3 years ago
Daniel Nephin bf292cbae4 ca: use provider constructors to be more consistent
3 years ago
Dhia Ayachi 5ed56fc786 check error when `raftApplyMsgpack`
3 years ago
Daniel Nephin 6228c4a53c ca: fix mockCAServerDelegate to work with the new interface
3 years ago
Daniel Nephin fc14f5ab14 ca: move provider creation into CAManager
3 years ago
Daniel Nephin 2c4f22a9f0
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
3 years ago
jkirschner-hashicorp 5f73de6fbc
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
3 years ago
Daniel Nephin 3a045cca8d ca: remove unused RotationPeriod field
3 years ago
Jared Kirschner bd536151e1 Replace use of 'sane' where appropriate
3 years ago
Dhia Ayachi 9b45107c1e
Format certificates properly (rfc7468) with a trailing new line (#10411)
3 years ago
R.B. Boyer ed8a901be7
connect: include optional partition prefixes in SPIFFE identifiers (#10507)
3 years ago
R.B. Boyer a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
3 years ago
Daniel Nephin f52d76f096 ca: replace ca.PrimaryIntermediateProviders
3 years ago